CINXE.COM

<!doctype html> <html lang="en-US"> <head> <base href="https://security.opera.com/en/policy/"> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width"> <link rel="icon" type="image/x-icon" href="https://security.opera.com/wp-content/themes/opera-2018/static/img/favicon.94e3b24366e3faaceae2583c84668c09.ico"> <meta name="robots" content="index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1"> <link rel="alternate" hreflang="en" href="https://security.opera.com/en/policy/"> <link rel="alternate" hreflang="x-default" href="https://security.opera.com/en/policy/"> <title>Vulnerability Policy - Opera Security Team</title> <meta name="description" content="How Opera handles security threats, responsible disclosure, 0-day vulnerabilities, and more to keep users safe."> <link rel="canonical" href="https://security.opera.com/en/policy/"> <meta property="og:locale" content="en_US"> <meta property="og:type" content="article"> <meta property="og:title" content="Vulnerability Policy"> <meta property="og:description" content="How Opera handles security threats, responsible disclosure, 0-day vulnerabilities, and more to keep users safe."> <meta property="og:url" content="https://security.opera.com/en/policy/"> <meta property="og:site_name" content="Opera Security Team"> <meta property="article:modified_time" content="2024-10-28T16:13:02+00:00"> <meta name="twitter:card" content="summary_large_image"> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebPage","@id":"https://security.opera.com/en/policy/","url":"https://security.opera.com/en/policy/","name":"Vulnerability Policy - Opera Security Team","isPartOf":{"@id":"https://security.opera.com/en/#website"},"datePublished":"2018-03-14T09:36:54+00:00","dateModified":"2024-10-28T16:13:02+00:00","description":"How Opera handles security threats, responsible disclosure, 0-day vulnerabilities, and more to keep users safe.","breadcrumb":{"@id":"https://security.opera.com/en/policy/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://security.opera.com/en/policy/"]}]},{"@type":"BreadcrumbList","@id":"https://security.opera.com/en/policy/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://security.opera.com/en/"},{"@type":"ListItem","position":2,"name":"Vulnerability Policy"}]},{"@type":"WebSite","@id":"https://security.opera.com/en/#website","url":"https://security.opera.com/en/","name":"Opera Security Team","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://security.opera.com/en/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}</script> <link rel="alternate" type="application/rss+xml" title="Opera Security Team » Feed" href="https://security.opera.com/en/feed/"> <link rel="stylesheet" id="wp-block-library-css" href="https://www-static-sites.operacdn.com/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2" type="text/css" media="all"> <style id="classic-theme-styles-inline-css" type="text/css"> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id="global-styles-inline-css" type="text/css"> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel="stylesheet" id="wpml-blocks-css" href="https://www-static-sites.operacdn.com/wp-content/plugins/sitepress-multilingual-cms/dist/css/blocks/styles.css?ver=4.6.13" type="text/css" media="all"> <link rel="stylesheet" id="opera-2018-css" href="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/css/opera-2018.35707f03986300178f00c373e9d5fe98.css" type="text/css" media="all"> <script type="text/javascript" id="wpml-cookie-js-extra"> /* <![CDATA[ */ var wpml_cookies = {"wp-wpml_current_language":{"value":"en","expires":1,"path":"\/"}}; var wpml_cookies = {"wp-wpml_current_language":{"value":"en","expires":1,"path":"\/"}}; /* ]]> */ </script> <script type="text/javascript" src="https://www-static-sites.operacdn.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.6.13" id="wpml-cookie-js" defer data-wp-strategy="defer"></script> <script type="text/javascript" src="https://www-static-sites.operacdn.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script type="text/javascript" src="https://www-static-sites.operacdn.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://security.opera.com/xmlrpc.php?rsd"> <meta name="generator" content="WordPress 6.6.2"> <link rel="shortlink" href="https://security.opera.com/en/?p=5"> <meta name="generator" content="WPML ver:4.6.13 stt:5,1,3,25,17,40,45,2,52,53;"> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-TGMM5CW');</script> <meta http-equiv="X-Translated-By" content="Google"> <meta http-equiv="X-Translated-To" content="fr"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.omlEigW4xY8.O/am=DgY/d=1/rs=AN8SPfpjsL9kUWY0h-sp7Ilu7hZWGwEmeg/m=corsproxy" data-sourceurl="https://security.opera.com/en/policy/"></script> <link href="https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200" rel="stylesheet"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.omlEigW4xY8.O/am=DgY/d=1/exm=corsproxy/ed=1/rs=AN8SPfpjsL9kUWY0h-sp7Ilu7hZWGwEmeg/m=phishing_protection" data-phishing-protection-enabled="false" data-forms-warning-enabled="true" data-source-url="https://security.opera.com/en/policy/"></script> <meta name="robots" content="none"> </head> <body class="page-template-default page page-id-5"> <script type="text/javascript" src="https://www.gstatic.com/_/translate_http/_/js/k=translate_http.tr.en_GB.omlEigW4xY8.O/am=DgY/d=1/exm=corsproxy,phishing_protection/ed=1/rs=AN8SPfpjsL9kUWY0h-sp7Ilu7hZWGwEmeg/m=navigationui" data-environment="prod" data-proxy-url="https://security-opera-com.translate.goog" data-proxy-full-url="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB" data-source-url="https://security.opera.com/en/policy/" data-source-language="pl" data-target-language="fr" data-display-language="en-GB" data-detected-source-language="" data-is-source-untranslated="false" data-source-untranslated-url="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://security.opera.com/en/policy/&anno=2" data-client="tr"></script> <noscript> <iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TGMM5CW" height="0" width="0" style="display:none;visibility:hidden"></iframe> </noscript> <header id="header" class="page-header hf__header" role="banner"> <section id="branding" class="page-holder"> <div id="site-title" class="page-header-site-title"><a class="o-logo" href="https://security-opera-com.translate.goog/en/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB" title="Opera Security Team" rel="home"> <picture> <source srcset="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/logo-negative@2x.26081e42aa65653accb46cf13eb880fe.png" media="(prefers-color-scheme: dark)"> <source srcset="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/logo@2x.5a8d5bfd19fb0c5cc0a05ba22b08182d.png" media="(prefers-color-scheme: light), (prefers-color-scheme: no-preference)"> <img src="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/logo@2x.5a8d5bfd19fb0c5cc0a05ba22b08182d.png" class="o-logo-image" title="Opera Security Team"> </picture> <span class="o-logo-txt o-logo-txt-service"> security </span> </a> </div> <nav id="menu" class="page-header-main-nav" role="navigation"> <div class="page-header-main-menu"> <div class="menu-security-main-menu-container"> <ul id="menu-security-main-menu" class="page-header-main-menu-list"> <li id="menu-item-3665" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-3665"><a href="https://security-opera-com.translate.goog/en/bug-bounty/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">Bug Bounty</a></li> <li id="menu-item-4232" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4232"><a href="https://security-opera-com.translate.goog/en/privacy-inquiry/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">Privacy Inquiry</a></li> <li id="menu-item-4231" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-4231"><a href="https://security-opera-com.translate.goog/en/report-security-issue/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">Report an Issue</a></li> <li id="menu-item-14" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-14"><a href="https://security-opera-com.translate.goog/en/hall-of-fame/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">Hall of Fame</a></li> <li id="menu-item-1141" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-1141"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://blogs.opera.com/security/">Security Blog</a></li> </ul> </div> </div> </nav> </section> </header> <main id="container"> <div class="page-holder page-layout"> <section id="content" role="main"> <article id="post-5" class="post-5 page type-page status-publish hentry"> <header class="header"> <h1 class="entry-title">Vulnerability Policy</h1> </header> <section class="entry-content"> <div class="novisuals"> <h4>Table of contents</h4> <ul> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#security-reports">How we handle security reports</a></li> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#vulnerabilities-disclosed">How vulnerabilities are disclosed</a></li> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#security-group">How Opera’s security group works</a></li> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#security-issues-rated">How security issues are rated</a></li> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#opera-zero-day-threats">Opera and 0-day threats</a></li> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#application-affected">What if Opera is not the only application affected?</a></li> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#more-information">More information</a></li> <li><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB#references">References</a></li> </ul> <p>Opera is committed to your security, and we have a long and proven track record of fulfilling that commitment. Below, we take you through the process of how we handle security vulnerabilities when they are discovered and what steps we take to keep you, and others who are using our product, safe while online.</p> <h4 id="security-reports" class="top-border">How we handle security reports</h4> <p>Security reports are always dealt with as a matter of the highest priority. When security reports are received, the potential threat is assessed as soon as possible. When a reported issue is identified as a security issue, the reporter is contacted. As is the industry convention, a disclosure date is agreed with the reporter.</p> <p>A disclosure date is agreed upon on a case-by-case basis. The delay between report and disclosure allows a fix to be prepared and tested and checked for any other related problems. At the same time, it ensures that users are not left with a publicized vulnerability, without any means to upgrade. As is the industry convention, a disclosure date is communicated to the reporter <strong>(up to 90 days)</strong>.</p> <p>When and where necessary, the reporter may also be asked for more information about how to reproduce the issue. Occasionally, reports of possible security issues are found not to be about exploitable security issues. Where appropriate, the reporter will be contacted with an explanation of why we believe this is not a security issue.</p> <p>Please note: reports without a clear description of steps to reproduce the issue and proofs-of-concept will likely be closed as invalid on our side.</p> <h4 id="vulnerabilities-disclosed" class="top-border">How vulnerabilities are disclosed</h4> <p>In order to protect our users, we encourage responsible disclosure, which involves not disclosing vulnerability details to any third party until we have had a chance to fix the issue. Our fix will be mentioned in changelogs, and we will typically link to a security advisory. In some cases, we may choose to wait before publishing the advisory, for instance, when other vendors are still vulnerable. An advisory contains details of the issue, our solution to the issue, and in most cases, a recommendation to upgrade to the latest, official release. It will not usually explain how an issue may be exploited, but it will contain enough information to identify a specific issue. If the reporter has practiced responsible disclosure, we will credit them in the advisory.</p> <h4 id="security-group" class="top-border">How Opera’s security group works</h4> <p>In addition to dealing with incoming reports, Opera’s security group proactively looks for potential security issues. When new technologies are considered or implemented, our security group assesses those technologies for possible security implications, and specifications and implementations may be changed accordingly.</p> <p>After implementation and release, this effort continues. If issues are discovered, they are fixed, and the fix is released in a new Opera version. Where appropriate, the release changelog will mention the security fix, and an advisory may be issued.</p> <h4 id="security-issues-rated" class="top-border">How security issues are rated</h4> <p>When security agencies report an issue, they will typically include a severity rating, based on how easy it is to exploit the issue and the potential effects of a successful exploit. Examples include the following:</p> <ul> <li>Crashers that prevent the application from restarting.</li> <li>Possibility to make one website appear to be another website.</li> <li>Ability to execute arbitrary code.</li> <li>Ability to read files on the user’s system or login information for other sites.</li> </ul> <p>As the issue is investigated, more details may be discovered about the severity or ease of exploitation. In some cases, we may find that the reporter has given the issue too high or too low a rating. This may mean that we give an updated rating, based on our own knowledge of the issue. This rating may also be revised following further investigation.</p> <h4 id="opera-zero-day-threats">Opera and 0-day threats</h4> <p><span style="font-weight: 400">When it comes to cybersecurity, 0-day, or zero-day, is probably the most serious level of threat a software provider has to deal with. The name comes from the fact that the software provider has zero days at their disposal to mitigate or address the threat – it is active, here and now, and can put users at risk.</span></p> <p><span style="font-weight: 400">At the same time, 0-day has become one of the most overused terms in the industry. Even cybersecurity experts disagree with each other on how exactly to define a 0-day. But everyone can agree they should be dealt with as soon as possible – or risk leaving users unprotected from a potentially major threat.</span></p> <p><span style="font-weight: 400">As such, we believe it is vital to assign the proper weight to the term. </span>Opera considers a 0-day threat to be a serious security vulnerability, which:</p> <ul> <li>the software provider doesn’t know about</li> <li>has been discovered by bad actors and has been made public, and</li> <li>at the time it becomes public, continues to be unpatched</li> </ul> <p><span style="font-weight: 400">This is why responsible disclosure is an important part of cybersecurity. If a vulnerability is discovered by a security expert and responsibly disclosed to the software vendor, and a fix is developed and released before it is publicly disclosed, it is not considered a 0-day.</span></p> <p><span style="font-weight: 400">The cybersecurity community has come up with more detailed breakdowns of the term, including </span><i><span style="font-weight: 400">0-day vulnerability</span></i><span style="font-weight: 400"> – where a vulnerability is discovered but not actively exploited; </span><i><span style="font-weight: 400">0-day attack</span></i><span style="font-weight: 400"> – where bad actors discover the vulnerability and actively attack it; and </span><i><span style="font-weight: 400">0-day exploit</span></i><span style="font-weight: 400"> – which is the method that bad actors have come up with to perform a 0-day attack by exploiting that vulnerability. However, many respected experts believe that this risks watering down the magnitude and seriousness of a 0-day threat. This is why at Opera, we prefer adhering to the more traditional definition.</span></p> <h4 id="application-affected" class="top-border">What if Opera is not the only application affected?</h4> <p>Occasionally, we find that an issue affects applications released by other vendors. In these cases, if the original reporter has not contacted the other vendors, we may contact the affected vendors.</p> <p>In these cases, the disclosure date may be delayed to give the other vendors time to issue their own patches. Web security depends on vendors cooperating to improve protection for all users. Publicly disclosing details of the vulnerability before the other vendors have had an opportunity to fix their applications would leave their users vulnerable. Security advisories will usually be released by vendors and the reporter on the new agreed date. If a patched release is issued earlier than this date, its changelog may not contain details of the vulnerability but should contain a note saying that it is a security upgrade and that more details will be added later.</p> <h4 id="more-information" class="top-border">More information</h4> <p>For more information on how Opera handles security issues, please see our <a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/blogs/security/" target="_self" rel="noopener noreferrer">Opera Security blog</a>. Security issues can be reported securely through the Opera <a href="https://security-opera-com.translate.goog/report-security-issue/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB" target="_self" rel="noopener noreferrer">bug tracking system</a>.</p> <h4 id="references">References</h4> <ul> <li><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/privacy/" target="_self" rel="noopener noreferrer">Opera privacy policy</a></li> <li>Desktop changelog: see <a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://blogs.opera.com/desktop/" target="_self" rel="noopener noreferrer">Opera Desktop Team’s Blog</a></li> <li>Mobile changelog: see <a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://blogs.opera.com/mobile/">Opera Mobile Team’s Blog</a></li> </ul> </div> <div class="entry-links"></div> </section> </article> </section> <aside id="sidebar" class="aside" role="complementary"> <div id="primary" class="widget-area"> <ul class="xoxo"> <li id="nav_menu-2" class="widget-container widget_nav_menu"> <div class="menu-security-aside-menu-container"> <ul id="menu-security-aside-menu" class="menu"> <li id="menu-item-1031" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1031"><a href="https://security-opera-com.translate.goog/en/desktop-and-web-services-faq/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">Desktop, AI Benchmarking tool and Services FAQ</a></li> <li id="menu-item-1032" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-1032"><a href="https://security-opera-com.translate.goog/en/mobile-browsers-faq/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">Mobile Browsers FAQ</a></li> <li id="menu-item-1194" class="menu-item menu-item-type-post_type menu-item-object-page current-menu-item page_item page-item-5 current_page_item menu-item-1194"><a href="https://security-opera-com.translate.goog/en/policy/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB" aria-current="page">Vulnerability Policy</a></li> <li id="menu-item-12011" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-12011"><a href="https://security-opera-com.translate.goog/en/webpki-trust-anchors/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">WebPKI & Trust Anchors</a></li> <li id="menu-item-2315" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-2315"><a href="https://security-opera-com.translate.goog/en/advisories/?_x_tr_sl=pl&_x_tr_tl=fr&_x_tr_hl=en-GB">Security Advisories</a></li> </ul> </div></li> </ul> </div> </aside> </div> </main> <footer class="hf hf__footer"> <div class="menu-common-footer-container"> <ul id="menu-common-footer" class="hf-wrapper hf__columns"> <li id="menu-item-38" class="hf__heading menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-38"><a>Download Opera</a> <ul class="sub-menu"> <li id="menu-item-40" class="hf__sub-heading menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-40"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/computer">Computer browsers</a> <ul class="sub-menu"> <li id="menu-item-182" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-182"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/download?os%3Dwindows">Opera for Windows</a></li> <li id="menu-item-183" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-183"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/download?os%3Dmac">Opera for Mac</a></li> <li id="menu-item-184" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-184"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/download?os%3Dlinux">Opera for Linux</a></li> <li id="menu-item-47" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-47"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/beta">Opera beta version</a></li> <li id="menu-item-185" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-185"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/computer/portable">Opera USB</a></li> </ul></li> <li id="menu-item-41" class="hf__sub-heading menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-41"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/mobile">Mobile browsers</a> <ul class="sub-menu"> <li id="menu-item-186" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-186"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/mobile/operabrowser">Opera for Android</a></li> <li id="menu-item-187" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-187"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/mobile/mini/android">Opera Mini</a></li> <li id="menu-item-188" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-188"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/browsers/opera/ios">Opera for iOS</a></li> <li id="menu-item-189" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-189"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/mobile/basic-phones">Opera for basic phones</a></li> </ul></li> </ul></li> <li id="menu-item-45" class="hf__heading menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-45"><a>Services</a> <ul class="sub-menu"> <li id="menu-item-49" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-49"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://addons.opera.com">Add-ons</a></li> <li id="menu-item-50" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-50"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://auth.opera.com/account/login">Opera account</a></li> <li id="menu-item-190" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-190"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://addons.opera.com/wallpapers">Wallpapers</a></li> <li id="menu-item-299" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-299"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/ads">Opera Ads</a></li> </ul></li> <li id="menu-item-51" class="hf__heading menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-51"><a>Help</a> <ul class="sub-menu"> <li id="menu-item-43" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-43"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/help">Help & support</a></li> <li id="menu-item-44" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-44"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://blogs.opera.com">Opera blogs</a></li> <li id="menu-item-42" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-42"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://forums.opera.com">Opera forums</a></li> <li id="menu-item-46" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-46"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://dev.opera.com">Dev.opera</a></li> </ul></li> <li id="menu-item-191" class="hf__heading menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-191"><a>Legal</a> <ul class="sub-menu"> <li id="menu-item-192" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-192"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://security.opera.com/">Security</a></li> <li id="menu-item-193" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-193"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/privacy">Privacy</a></li> <li id="menu-item-195" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-195"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/privacy/cookies">Cookies Policy</a></li> <li id="menu-item-252" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-252"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/eula">EULA</a></li> <li id="menu-item-194" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-194"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/terms">Terms of Service</a></li> </ul></li> <li id="menu-item-53" class="hf__heading menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-53"><a>Company</a> <ul class="sub-menu"> <li id="menu-item-54" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-54"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/about">About Opera</a></li> <li id="menu-item-56" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-56"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/newsroom">Press info</a></li> <li id="menu-item-55" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-55"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://jobs.opera.com">Jobs</a></li> <li id="menu-item-68" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-68"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://investor.opera.com">Investors</a></li> <li id="menu-item-52" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-52"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/b2b">Become a partner</a></li> <li id="menu-item-57" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-57"><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.opera.com/contact">Contact us</a></li> </ul></li> </ul> </div> <div class="hf-wrapper hf__bottom"> <div class="hf__social-box"> <h2 class="hf__headline hf-hide">Follow Opera</h2> <ul class="hf__social-icons"> <li><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.facebook.com/Opera/" rel="noopener nofollow" target="_blank" title="Opera - Facebook"> <img src="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/social-icons/fb.310680177b35f9dec2dbbd9d9fae7d71.svg" alt="Opera - Facebook"> </a></li> <li><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://twitter.com/opera" rel="noopener nofollow" target="_blank" title="Opera - Twitter"> <img src="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/social-icons/twitter.e61b36b125f758c258d05bb40ad9e7c3.svg" alt="Opera - Twitter"> </a></li> <li><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.youtube.com/opera" rel="noopener nofollow" target="_blank" title="Opera - Youtube"> <img src="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/social-icons/youtube.dd4d134273363333b101294e9045d878.svg" alt="Opera - Youtube"> </a></li> <li><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.linkedin.com/company/opera-software" rel="noopener nofollow" target="_blank" title="Opera - LinkedIn"> <img src="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/social-icons/linkedin.ebb872de9c6ca0a8591f7a7ec78b3cff.svg" alt="Opera - LinkedIn"> </a></li> <li><a href="https://translate.google.com/website?sl=pl&tl=fr&hl=en-GB&u=https://www.instagram.com/opera/" rel="noopener nofollow" target="_blank" title="Opera - Instagram"> <img src="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/img/social-icons/instagram.9758b732f8ab5fc6c8b02d84fb758fdf.svg" alt="Opera - Instagram"> </a></li> </ul> </div> <div class="hf__company-box "> <p>© Opera Software 1995-<span id="current-year"></span></p> </div> <div class="hf__lang-box"><span class="hf-hide">Select your language:</span> <select id="hf__lang-selector" class="hf__lang-selector" onchange="location=this.options[this.selectedIndex].value;"> <option data-name="en" value="https://security.opera.com/en/policy/" selected>English</option> </select> </div> </div> </footer> <script type="text/javascript" src="https://www-static-sites.operacdn.com/wp-content/themes/opera-2018/static/js/scripts.93f5cad61f8fb5f0215e89746669dfee.js"></script> <script>function gtElInit() {var lib = new google.translate.TranslateService();lib.translatePage('pl', 'fr', function () {});}</script> <script src="https://translate.google.com/translate_a/element.js?cb=gtElInit&hl=en-GB&client=wt" type="text/javascript"></script> </body> </html>